Katina MichaelKathleen M. VogelJeremy PittMariana Zafeirakopoulos...
15-30页
查看更多>>摘要:Rapid progress in Artificial Intelligence (AI) is presenting both opportunities and threats that promise to be transformative and disruptive to the field of cybersecurity. The current approaches to providing security and safety to users are limited. Online attacks (e.g., identity theft) and data breaches are causing real-world harms to individuals and communities, resulting in financial instability, loss of healthcare benefits, or even access to housing, among other undesirable outcomes. The resulting challenges are expected to be amplified, given the increased capabilities of AI and its deployment in professional, public, and private spheres. As such, there is a need for a new formulation of these challenges that considers the complex social, technical, and environmental dimensions and factors that shape both the opportunities and threats for AI in cybersecurity. Through an exploration and application of the socio-technical approach, which highlights the significance and value of participatory practices, we can generate new ways of conceptualising the challenges of AI in cybersecurity contexts. This paper will identify and elaborate on key issues, in the form of both gaps and opportunities, that need to be addressed by various stakeholders, while exploring substantive approaches to addressing the gaps and capitalizing on the opportunities at the micro/meso/macro levels, which in turn will inform decision-making processes. This paper offers approaches for responding to public interest security, safety, and privacy challenges arising from complex AI in cybersecurity issues in open socio-technical systems.
查看更多>>摘要:While artificial intelligence (AI) offers significant benefits, it also has negatively impacted humans and society. A human-centered AI (HCAI) approach has been proposed to address these issues. However, current HCAI practices have shown limited contributions due to a lack of sociotechnical thinking. To overcome these challenges, we conducted a literature review and comparative analysis of sociotechnical characteristics with respect to AI. Then, we propose updated sociotechnical systems (STS) design principles. Based on these findings, this paper introduces an intelligent sociotechnical systems (iSTS) framework to extend traditional STS theory and meet the demands with respect to AI. The iSTS framework emphasizes human-centered joint optimization across individual, organizational, ecosystem, and societal levels. The paper further integrates iSTS with current HCAI practices, proposing a hierarchical HCAI (hHCAI) approach. This hHCAI approach offers a structured approach to address challenges in HCAI practices from a broader sociotechnical perspective. Finally, we provide recommendations for future iSTS and hHCAI work.
查看更多>>摘要:We provide an argument for why current Resilience Engineering (RE) tools are unlikely to see widespread adoption, and recommendations for making more adoptable RE tools. Resilience engineering continuously grows in popularity, and various RE tools have existed for years; however, we have found that convincing technology development teams to use RE tools is a “tough sell” for a variety of reasons. We synthesized insights and lessons learned from interacting with numerous technology development teams and the scholarly literature on RE. We then analyzed a set of RE tools through the lens of these insights, and we developed a cohesive and analysis-driven argument for why RE tools are a tough sell, and, more importantly, we developed recommendations to improve future tools. We found that challenges for adoption of current RE tools by technology development teams include RE tools that 1) require too great a level of effort, 2) have unobvious value, 3) require the technology to already exist, 4) have a scope that exceeds agency of technology developers, and 5) do not readily generate relevant systems engineering artifacts. Different underlying factors shape or constrain the solution space; however, there are several recommendations for developing RE tools that are more likely to achieve widespread adoption by technology developers. This research is directly applicable to RE practitioners seeking to have greater engagement with technology development teams. Further, this work is likely generalizable to develop any kind of participatory tools for human-centered design.
查看更多>>摘要:This research provides an in-depth exploration of the intersection of cybersecurity, artificial intelligence (AI), and big data (CAB) across six sectors in manufacturing and public service. It highlights the transformative potential of these technologies in reshaping industries and enhancing efficiency while also underscoring the challenges they present, particularly in data protection and privacy. To put these challenges in context, a security model consisting of three dimensions (security goal, security control, and data state) is developed and applied to six sectors. The resultant models represent a major step toward more effective risk assessment in practice. They should also inspire research efforts to further advance CAB more effectively and responsibly.
John TwomeyDidier ChingMatthew Peter AylettMichael Quayle...
64-79页
查看更多>>摘要:Deepfakes are a form of synthetic media that uses deep-learning technology to create fake images, video, and audio. The emergence of this technology has inspired much commentary and speculation from academics across a range of disciplines, who have contributed expert opinions regarding the implications of deepfake proliferation on fields such as law, politics, and entertainment. A systematic scoping review was carried out to identify, assemble, and critically analyze those academic narratives. The aim is to build on and critique previous attempts at defining the technology and categorizing the harms and benefits of deepfake technology. A range of databases were searched for relevant articles from 2017 to 2023, resulting in a large multi-disciplinary dataset of 102 papers, 181,659 words long, which were analyzed qualitatively through thematic analysis. Implications for future research include questioning the lack of research evidence for the supposed positives of deepfakes, recognizing the role that identity plays in deepfake technology, challenging the perceived accessibility/ believability of deepfakes, and proposing a more nuanced approach to the dichotomous “positive and negatives” of deepfakes. Furthermore, we show how definitional issues around what a deepfake is versus other forms of fake media feeds confusion around the novelty and impacts of deepfakes.
查看更多>>摘要:This study delves into the escalating risk of a major disruption event involving Cloud Service Providers (CSPs) within the global financial system, amidst shifting supplier dynamics and mounting economic challenges. It focuses on the increasing dependence of financial institutions on three CSPs for critical business services, highlighting the emergent issue of “cloud concentration risks.” The paper explores various factors influencing technological decisions in financial institutions, including events and the regulatory environment. The advantages of cloud computing, and the potential risks associated with CSPs transitioning their business models from growth-centric to value-oriented strategies are also discussed. Furthermore, CSPs are contending with rising operational costs and diminishing profit margins, compelling them to adopt cost-saving measures such as prolonging the lifecycles of hardware components. This analysis also considers the implications of potential increases in cloud computing costs and the financial burden of migrating services, underscoring significant challenges faced by financial institutions in this evolving landscape.
NETL
NSTL